A zero-day vulnerability that was disclosed in late November allows command injection. The vulnerability was reported to the company by the National Security Agency. It affects 12 versions of the company’s products, including Workspace One. The company has issued a full patch and revised the severity level of the vulnerability to important rather than critical The bug was originally given a 9.1 out of 10 on the CVSS severity scale, but now it’s 7.2.
Source: https://threatpost.com/vmware-fix-critical-zero-day-bug/161896/